reactiveweb No license 10 versions

reactiveweb

npm Repository Homepage

10

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

nullvoxpopuli

Keywords

ember-addon

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition to GitHub Actions publishing is confirmed by SLSA attestation; consistent with documented CI/CD migration.	ai	2026/06/16
dependencies	unvetted-dep:ember-resources	AI (dependencies): Core Ember ecosystem dependency; expected for this addon type.	ai	2026/04/28
dependencies	unvetted-dep:@embroider/macros	AI (dependencies): Standard Embroider toolchain package; expected for v2 Ember addons.	ai	2026/04/28
dependencies	unvetted-dep:decorator-transforms	AI (dependencies): Standard Embroider/decorator toolchain package; expected for this addon.	ai	2026/04/28
dependencies	unvetted-dep:@embroider/addon-shim	AI (dependencies): Standard Embroider v2 addon shim; expected for this addon type.	ai	2026/04/28

Versions (showing 10 of 10)

Version	Deps	Published
1.9.3	3 / 27	2026-06-15
1.9.1	4 / 26	2025-12-23
1.9.0	4 / 33	2025-08-29
1.8.0	5 / 33	2025-07-19
1.7.0	5 / 32	2025-07-11
1.6.2	5 / 32	2025-06-29
1.6.1	5 / 32	2025-06-20
1.6.0	5 / 32	2025-06-12
1.5.0	5 / 32	2025-05-28
1.4.2	5 / 32	2025-05-07

v1.9.3

2 findings

HIGH Publisher changed: nullvoxpopuli → GitHub Actions (on 2026-06-15) provenance

This version was published by a different npm account than previous versions on 2026-06-15. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.9.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.8.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.7.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.4.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.